njrat | d696e8d25a81c50c80c1ecf6e771aa6f611ab06fbab8361b93b042b21a74569a | Triage

Sharing

General

Target

Client.exe
Size

31KB
Sample

250224-s84kwszry4
MD5

c1e1a897a37cba513dc9dfddedbcde38
SHA1

374066888f20838dc30e66b2c096e79b80fa69ab
SHA256

d696e8d25a81c50c80c1ecf6e771aa6f611ab06fbab8361b93b042b21a74569a
SHA512

91077e9239ef5827669b4bd3355c80fd980920ea59cbbd335b4eba3d853c0c339e362a8875f17b953e3d2de17f144d9526a9392a47e8a3ca1bc04adb7f31d220
SSDEEP

768:zFM5TP1/plIzxTCfVYAvN1Zvy/QmIDUu0tiUVj:Ob1ay/YQVkJj

Score

10^/10

njrat mybot defense_evasion discovery persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

MyBot

C2

127.0.0.1:6522

Mutex

60c28f2ec9c1d3d7f391e11534af955e

Attributes

reg_key
60c28f2ec9c1d3d7f391e11534af955e
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  Client.exe
- Size
  
  31KB
- MD5
  
  c1e1a897a37cba513dc9dfddedbcde38
- SHA1
  
  374066888f20838dc30e66b2c096e79b80fa69ab
- SHA256
  
  d696e8d25a81c50c80c1ecf6e771aa6f611ab06fbab8361b93b042b21a74569a
- SHA512
  
  91077e9239ef5827669b4bd3355c80fd980920ea59cbbd335b4eba3d853c0c339e362a8875f17b953e3d2de17f144d9526a9392a47e8a3ca1bc04adb7f31d220
- SSDEEP
  
  768:zFM5TP1/plIzxTCfVYAvN1Zvy/QmIDUu0tiUVj:Ob1ay/YQVkJj
Score

10^/10

defense_evasion discovery persistence privilege_escalation njrat trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistenceprivilege_escalation

behavioral2

njratdefense_evasiondiscoverypersistenceprivilege_escalationtrojan